NIST Unveils Updated Cybersecurity Framework 2.0, Expands Reach Beyond Essential Infrastructure


The National Institute of Standards and Technology (NIST) has unveiled the second iteration of its Cybersecurity Framework (CSF), a widely adopted standard for mitigating cyber threats within critical infrastructure sectors. Building on the framework’s proven track record in these essential areas, NIST has broadened the scope of version 2.0 to cater to a diverse range of users and organizations, irrespective of their current level of cybersecurity sophistication.

“The CSF has been a vital tool for many organizations, helping them anticipate and deal with cybersecurity threats,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio.

“CSF 2.0, which builds on previous versions, is not just about one document. It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve.”

The CSF, developed by NIST, was initially introduced in 2014 as a response to an executive order from 2013 aimed at bolstering cybersecurity within critical infrastructure, a directive from the Obama administration. While its use is not mandatory, the framework serves as a valuable tool for entities in vital sectors, such as healthcare, to strengthen their cybersecurity measures and reduce the risk of cyber threats.

After ten years, the CSF has received its first significant overhaul with Version 2.0. This latest update not only refines the core advice of the framework but also provides additional resources that enable users to customize the framework according to their specific requirements.

Moreover, Version 2.0 aligns with the National Cybersecurity Strategy and places a greater emphasis on governance, offering guidance on how organizations can make well-informed decisions regarding their cybersecurity strategies.

Users will be provided with the CSF 2.0 Reference Tool, a feature that simplifies the process of searching and exporting information from the core guidance of the CSF. Additionally, NIST has developed a searchable database that correlates particular security measures with CSF controls, allowing users to align the CSF’s recommendations with over fifty different cybersecurity resources.

Having been translated into thirteen different languages, the CSF has stood as a foundational element in the protection of critical infrastructure for the last ten years. With these recent enhancements, an even broader array of organizations will be able to utilize the advantages offered by this framework.

The CSF 2.0 serves as a roadmap for organizations to enhance their cybersecurity resilience, protect sensitive data, and maintain trust in an increasingly interconnected digital landscape. Where are you at on your journey? Let the team at 2W Tech lead you in your journey!

Read More:

Stay Organized with Microsoft Lists

Make Cyber Maturity Assessments Standard Practice

Back to IT News